Gofiber Fiber
14 CVEs affecting Gofiber Fiber. Latest disclosed: 2026-05-11. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-38513 | Critical | 10.0 | 2024-07-01 | Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions… |
CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
CVE-2024-25124 | Critical | 9.4 | 2024-02-21 | Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the appli… |
CVE-2023-45141 | High | 8.6 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
CVE-2026-25899 | High | 7.5 | 2026-02-24 | Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash` cookie can force an unbound… |
CVE-2026-30246 | Medium | 6.5 | 2026-05-05 | Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request… |
CVE-2026-42554 | Medium | 6.1 | 2026-05-11 | Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/J… |
CVE-2023-41338 | Medium | 5.3 | 2023-09-08 | Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This is… |
CVE-2020-15111 | Medium | 4.2 | 2020-07-20 | In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable… |
CVE-2026-25891 | | 2026-02-24 | Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middle… | |
CVE-2026-25882 | | 2026-02-24 | Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the… | |
CVE-2025-66630 | | 2026-02-09 | Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an… | |
CVE-2025-54801 | | 2025-08-05 | Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large… | |
CVE-2025-48075 | | 2025-05-22 | Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to n… |